►
From YouTube: CNCF SIG Security 2020-08-12
Description
CNCF SIG Security 2020-08-12
A
A
It
seems,
like
I
think,
you're
gonna
be
having
all
the
agenda
items
today.
A
A
A
A
I
put
in
the
link
to
the
meeting
doc
in
the
chat.
So
if
you
could
put
in
your
attendance
and
the
meeting
notes
and
also
it'd
be
great,
if
we
can
have
one
or
two
scribes
to
kind
of
take
a
few.
A
A
All
right,
I
think
we
have
quite
a
good
number
of
people.
Let's
get
started
so
quick
announcement
before
we
jump
into
the
agenda,
there's
kubecon
going
on
next
week,
so
we
will
be
having
this
meeting
next
week,
so
that
will
be
canceled
other
than
that.
Also,
that
is
the
account
native
security
date.
That's
going
to
be
going
on
on
monday.
A
Emily
will
be
talking
about
that
a
bit
more
in
detail
later,
so
I'll
leave
it
to
her
later.
So,
let's
go
through
check-ins.
Let's
see
people
are
checking
in.
It
looks
like
we
don't
have
any
updates
outside
the
agenda
items,
so
I
guess
you
can
skip
right
in.
C
C
Just
the
open
policy
agent
are
applying
for
graduation,
and
so
they
need
a
security
review.
So
there
is
a
doc
on
a
draft
doc,
but
we
need
to
go
secure.
You
need
to
go
through
and
review.
D
We've
assessed
it
twice,
you
know
at
this
point
I
think
justin.
The
only
thing
it
needs
is
the
sort
of
chair
sign
off.
Does
it
need
a
write-up.
C
So
I
thought
I
suggest
that
that
they
should
update
it
with
what
had
changed
since
then,
rather
than
because
it
look.
E
I
don't
have
a
problem
with
that.
I
was
trying
to
make
the
process
not
not
be
onerous
for
anybody
involved
and
they
did
provide
information
along
those
those
lines.
E
So
I
did
ask
the
reviewers,
especially,
but
really
anybody
to
take
a
look
and
see
you
know
what
they
thought
about
those
changes,
but
when
it
came
time
to
actually
writing
the
document,
I
I
did
mostly
basically
just
copy
and
paste
from
our
request
before,
mostly
because
I
I
didn't
want
to
have
to
go
through
an
extended
process
to
get
a
new
text
approved.
C
E
F
C
Excellent
good
good
good
that
sounds
great,
then
I
think
in
that
case
yeah
then
we
probably
just
can
go
to
chair
sign
off
then.
D
C
D
Great
just
justin,
if
you
could
do
that
as
well,
and
then
I'll
I'll
try
to
listen
later
today,.
E
Yeah
I
I
I
approve
whatever
I
need
to
do
to
to
do
that.
I
yeah
I
wrote
that
thing
so
I
I
approve
it.
A
Thank
you
all
right,
thanks
justin,
let's
see,
I
think
we
don't
have
anything
else
for
check-ins.
Do
we
have
anyone
from
policy
work
group
or
the
next.
H
Updates,
I
did
sorry,
I'm
jump
in
the
middle.
I
did
have
a
something
that
I
wanted
to
to
bring
up,
but
I
don't
even
want
to
go
on
with
a
policy
working
group
or.
A
I
mean
go
for
it:
bridges.
H
Okay,
so
in
total
is
gearing
for
incubation,
and
I
know
that
the
security
made
the
recommendation
for
incubation
earlier
on.
There
was
a
discussion
on
slack
saying.
Yes,
this
is
still
the
recommendation.
H
Something
I
just
wanted
to
to
double
check
is:
is
there
any
way
or
like
any
requirement
for
the
sake
to
make
a
public
like
statement
like
this
somewhere
else,
more
official,
maybe
getting
another
like
or
like
just
reviewing
the
deck
of
the
original
recommendation,
or
how
can
we
get
more
of
it
like?
This?
Is
the
stance
that
everybody
can
verify
other
than
like
reading
the
security
slack.
H
Is
it
is
being
worked
with
with
michelle?
I
I
could
share
it.
I
don't
know,
maybe
after
my
meeting
with
her
tomorrow,
would
that
be
what
you
guys
would
want
like.
D
Yeah,
that's
that's
so
far
as
how
we've
you
know
expressed
that
you
know
we
have
in
toto
in
our
read
me,
as
you
know,
project
of
interest
to
us.
So
we
capture
that
kind
of
in
in
our
in
our
documentation.
D
But
you
know,
as
as
far
as
like
a
position
statement
to
the
you
know
the
rest
of
the
cncf.
The
way
that
we've
done
that
with
you
know
now,
with
oppa,
notary
and
other
stuff,
is
through
that
due
diligence
document
that
we
will
formally
sign
off
on
and
and
say
that
we
recommend
oh.
H
Perfect,
okay,
then
I
will
just
confirm
within
show
and
then
I'll
send
it
your
way.
Should
I
post
it
on
the
slack
or
should
I
send
it
to
you,
yeah.
D
Drop
it
into
security
on
slack
and
and
pygmy
okay,
great.
I
A
All
right
cool,
let's
see,
robert
anything
from
policy
site.
G
I
know
we
didn't
have
a
meeting
this
week.
We
have
it
every
other
week,
so
the
progress
report
this
week
but
I'll
come
back
next
week.
J
A
All
right,
let's
jump
into
what
we
had
the
items
we
had
for
today,
so
I
will
pass
this
over
now
to
emily.
B
Hey
everyone
so
as
a
reminder,
brandon
touched
on
it
earlier,
but
cloudnativecon
kubecon
is
next
week
and
security
is
kicking
off
with
the
co-located
virtual
event
on
monday
august
17th
starting
pretty
early
for
eastern
daylight
time,
but
around
one
for
amsterdam
time
cloud
native
security
day
is
next
week.
I'm
opening
up
with
opening
remarks
should
be
short
and
sweet,
but
we
do
have
a
lot
of
really
great
presenters.
So
if
you
haven't
registered
yet
go
online,
I
believe
registration
is
still
open.
B
I
think
it's
75
for
the
entire
week
and
then
an
additional
20
for
security
day,
so
lots
of
great
talks
hope
to
see
you
all
online.
So
that's
what
I
have
for
security
day.
The
other
thing
that
I
have
is
the
cloud
native
security
weight
paper
working
group
has
been
charging
forward.
B
We're
making
really
good
progress
on
getting
some
content
generated.
I've
been
reviewing
everybody's
comments
and
everybody's
input,
and
so
far
everything
is
looking
great.
I've
recently
updated
the
github
issue.
I
believe
it's
138
it's
linked
in
the
agenda
with
our
new
schedule,
just
time
bounding
when
our
when
folks
can
expect
to
have
certain
things
completed
by
or
within,
so
if
you're
interested
in
either
joining.
The
group
comment
on
the
issue
hit
me
up
in
the
slack
channel,
we'll
get
you
added
other
than
that
everything
is
going
really
well.
A
Cool
and
if
there's
anyone,
that's
kind
of
wants
to
jump
into
the
the
white
paper
now,
how
should
they
kind
of
go
about
it?.
B
B
Yeah,
so
the
issue
issue
number
138
has
a
complete
high
level
outline
of
topics
and,
if
you're
looking
for
more
specific
information,
it's
pretty
much
anything
that
has
to
do
with
the
technology
underlying
cloud
native
deployments,
as
well
as
the
life
cycle
processes
associated
with
doing
a
cloud
native
deployment.
So
everything
from
software
supply
chain
security
all
the
way
through
deployment,
monitoring
maintenance
and
upgrades
kubernetes
stack.
What
does
that?
B
If
you're
not
an
expert
in
any
of
those
fields,
that's
fine,
too
we're
looking
for
people
to
help
also
review
and
just
verify
the
content,
make
sure
that
it's
making
sense
making
sure
we're
on
target
with
our
audience
and
with
the
scope
of
the
paper,
I
saw
a
couple
of
comments
in
chat
I'll,
be
reaching
out
to
everybody.
J
J
All
right
cool
is,
there
is
probably
in
the
in
the
notes
here.
Is
there
a
link
for
paying
the
75
bucks
and
getting
in
the
conference.
B
I
am
looking
for
it
now
I'll
have
to
post
it
in
the
chat,
great.
A
Yeah
I'm
gonna
put
in
this.
This
is
thing
that
I
found,
which
is
like
a
register
now,
and
I
mean
it
basically
brings
you
back
to
the
coupon
registration,
but
through
the
registration
process,
I
think
they
will.
B
J
B
E
A
As
well,
okay,
I
think
that's
all
we
had
for
the
agenda
this
week
so.
G
I'll
just
add
my
my
pitch
again
for
volunteers
who
may
want
to
help
with
the
cloud
custodian
assessment.
I'm
still
looking
for
additional
help
on
that
project.
A
I
I'm
expecting
us
to
have
a
lot
of
new
faces,
probably
after
kubecon,
so
we
could
try
again.
There.
J
A
All
right
cool
anything
else,
if
not
we'll
call
this
meeting
and
then
we'll
see
everyone
at
quran
I'll
see
you
in
two
weeks
we
have.
We
also
have
a
sec
security
session,
that's
being
done
by
jj,
and
I
think
it
was
fuji
and
sarah
are
doing
this
security
session
at
coupon
so
drop
by.
If
you
can
as
well
cool
all
right,
see
everyone
soon.